chore(backend): mypy strict clean + ruff format pass

Pre-merge sanity per devops checklist (ruff format --check, mypy --strict).

Type fixes:
- ORM models: `Mapped[dict]` → `Mapped[dict[str, Any]]` (audit, scenario, run,
  report, ttp, detection.artifact_files_json). Equivalent on Pydantic DTOs
  (TtpBase.params_schema_json, ScenarioStepBase.params_override_json).
- Rename `TtpRead.current_version` → `TtpRead.version` to mirror the ORM
  column (which itself was renamed in D-009 cleanup).
- Flask blueprints: add `-> ResponseReturnValue` to every view, plus typed
  UUID params on `_validate_step_consistency`.
- `templating/filters.py`: rewrite the conditional re2 import so mypy can
  narrow the union (`ModuleType | None`); the runtime branch on `_re2 is not
  None` removes the unused-ignore that was triggered by warn_unused_ignores.
- `pyproject.toml`: add `flask_login.*` and `pythonjsonlogger.*` to the
  `[[tool.mypy.overrides]]` `ignore_missing_imports` list (both ship without
  typed marker).
- Misc: drop stale `# type: ignore` comments (`app.py:36`,
  `rbac/decorators.py:35`) flagged by `warn_unused_ignores`. Keep
  `logging.JsonFormatter` ignore because the symbol exists at runtime but is
  not re-exported through the typed surface.

Formatting:
- `ruff format` applied (15 files normalized; line-length unchanged at 100).

Verification on this commit:
- `ruff check`  → All checks passed.
- `ruff format --check` → 68 files already formatted.
- `mypy --strict src` → Success: no issues found in 54 source files.
- `pytest tests/unit` → 49 passed.

backend/src/mimic/api/engagements.py

@@ -3,6 +3,7 @@
 from __future__ import annotations
 
 from flask import Blueprint, abort, jsonify
+from flask.typing import ResponseReturnValue
 from sqlalchemy import select
 
 from mimic.api._helpers import jsonify_model, parse_body, parse_uuid
@@ -17,7 +18,7 @@ bp = Blueprint("engagements", __name__)
 
 @bp.get("")
 @require_perm(Permission.ENGAGEMENT_READ)
-def list_engagements():
+def list_engagements() -> ResponseReturnValue:
     stmt = select(Engagement).order_by(Engagement.created_at.desc())
     rows = db.session.execute(stmt).scalars().all()
     return jsonify([EngagementRead.model_validate(row).model_dump(mode="json") for row in rows])
@@ -25,7 +26,7 @@ def list_engagements():
 
 @bp.post("")
 @require_perm(Permission.ENGAGEMENT_CREATE)
-def create_engagement():
+def create_engagement() -> ResponseReturnValue:
     payload = parse_body(EngagementCreate)
     engagement = Engagement(
         client_name=payload.client_name,
@@ -42,7 +43,7 @@ def create_engagement():
 
 @bp.get("/<eid>")
 @require_perm(Permission.ENGAGEMENT_READ)
-def get_engagement(eid: str):
+def get_engagement(eid: str) -> ResponseReturnValue:
     engagement = db.session.get(Engagement, parse_uuid(eid))
     if engagement is None:
         abort(404)
@@ -51,7 +52,7 @@ def get_engagement(eid: str):
 
 @bp.put("/<eid>")
 @require_perm(Permission.ENGAGEMENT_UPDATE)
-def update_engagement(eid: str):
+def update_engagement(eid: str) -> ResponseReturnValue:
     engagement = db.session.get(Engagement, parse_uuid(eid))
     if engagement is None:
         abort(404)
@@ -64,7 +65,7 @@ def update_engagement(eid: str):
 
 @bp.delete("/<eid>")
 @require_perm(Permission.ENGAGEMENT_DELETE)
-def delete_engagement(eid: str):
+def delete_engagement(eid: str) -> ResponseReturnValue:
     engagement = db.session.get(Engagement, parse_uuid(eid))
     if engagement is None:
         abort(404)